<?php
function update_user($update_data)	{
	global $session_user_id;	//Vi henter en variabel fra init.php kalt $session_user_id. 
	$update = array();
	array_walk($update_data, 'array_sanitize');
	
	foreach($update_data as $field=>$data)	{
		$update[] = '`' . $field . '` = \'' . $data . '\'';
	}
	
	mysql_query("UPDATE users SET " . implode(', ', $update) . " WHERE user_id = $session_user_id");	
}

//aktiver brukerkontoen
function activate($email, $email_code)	{
	$email			= mysql_real_escape_string($email);
	$email_code	= mysql_real_escape_string($email_code);
	
	if(mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM users WHERE email = '$email' AND email_code = '$email_code' AND active = 0"), 0) == 1)	{
			mysql_query("UPDATE users SET active = 1 WHERE email = '$email'");
			return true;
	}	else	{
			return false;
	}
}

function change_password($user_id, $password)	{
	$user_id = (int)$user_id;
	$password = md5($password);
	//oppdater passordet til den spesifikk brukeren gjennom å bruke user_id = $user_id.
	//hvis vi ikke hadde brukt 'WHERE user_id = $user_id', så ville alle passord blitt oppdatert
	mysql_query("UPDATE users SET password = '$password' WHERE user_id = $user_id");
}

//registrerer brukeren i vår database
function register_user($register_data)	{
	//går gjennom hele arrayen med sanitize
	array_walk($register_data, 'array_sanitize');
	//md5 encryption for sikkerhet
	$register_data['password'] = md5($register_data['password']);
	
	$fields = '`' . implode('`, `', array_keys($register_data)) . '`';
	$data = '\'' . implode('\', \'', $register_data) . '\'';
	
	mysql_query("INSERT INTO users ($fields) VALUES ($data)");
	email($register_data['email'], 'Aktiver kontoen din', "Hei " . $register_data['first_name'] . ",\n\n Du må aktivere kontoen din, klikk linken nedenfor:\n\n http://prosjekt.hia.no/users/sigveb13/include_testing/activate.php?email=" . $register_data['email'] . "&email_code=" . $register_data['email_code'] . "\n\n - Nashout");
}

function user_count()	{
	return mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM users WHERE active = 1"), 0);
}


function user_data($user_id)	{
	$data = array();
	$user_id = (int)$user_id;	//hindrer sql injection, fjerner karakterer gjennom sanitize
	
	$func_num_args = func_num_args();	//antall parametere som hentes fra databasen. 7 i vårt tilfelle
	$func_get_args = func_get_args();
	
	if($func_num_args > 1)	{
		unset($func_get_args[0]);
		
		$fields = '`' . implode('`, `', $func_get_args) . '`';
		$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM users WHERE user_id = $user_id"));
		
		return $data;
	}
}

function logged_in()	{
	return (isset($_SESSION['user_id'])) ? true : false;
}

function admin($username)	{
	$username = sanitize($username);
	return(mysql_result(mysql_query("SELECT COUNT('user_id') FROM users WHERE username = '$username' AND user_level = 1"), 0) == 1)	?	true : false;

}


function user_exists($username)		{
	$username = sanitize($username);
	return(mysql_result(mysql_query("SELECT COUNT('user_id') FROM users WHERE username = '$username'"), 0) == 1)	?	true : false;
}

function email_exists($email)		{
	$email = sanitize($email);
	return(mysql_result(mysql_query("SELECT COUNT('user_id') FROM users WHERE email = '$email'"), 0) == 1)	?	true : false;
}

function user_active($username)		{
	$username = sanitize($username);
	return(mysql_result(mysql_query("SELECT COUNT('user_id') FROM users WHERE username = '$username' AND active = 1"), 0) == 1)	?	true : false;
}

function user_id_from_username($username)	{
	$username = sanitize($username);
	return mysql_result(mysql_query("SELECT user_id FROM users WHERE username = '$username'"), 0, 'user_id');
}


function login($username, $password)	{
	//Passord er kryptert med MD5 i MySQL. La funksjonen tolke krypteringen.
	$user_id = user_id_from_username($username);
	
	$username = sanitize($username);
	$password = md5($password);
	
	return(mysql_result(mysql_query("SELECT COUNT('user_id') FROM users WHERE username = '$username' AND password = '$password'"), 0) == 1) ? $user_id : false;
}

?>